Security
Last updated: June 2026
CryptoKar handles sensitive financial data, so security is a first-class concern. We follow reasonable security practices in line with the Information Technology Act, 2000 and aligned with the principles of the ISO/IEC 27001 standard. Here is how we protect your data.
Your CSV files are parsed in your browser
When you import an exchange CSV, the file is read and parsed locally on your device. Only the parsed transactions needed to compute your tax are sent to our servers, and the raw file itself stays with you.
Encryption in transit
All traffic between your browser and CryptoKar is encrypted over HTTPS/TLS.
Strict per-account access controls
Every record is scoped to the account that owns it. Our queries are filtered by the signed-in user's identity, so one user can never access another user's transactions or reports.
We never see your payment details
Payments are processed by Razorpay. We never receive or store your full card number, CVV, or UPI PIN.
Least-data principle
We collect only the data we need to run the service, and we keep it only for as long as necessary. See our privacy policy for details.
Responsible disclosure
If you discover a security vulnerability, please report it privately to [email protected] before disclosing it publicly. We will acknowledge your report, investigate promptly, and keep you updated. We appreciate the security community's help in keeping our users safe.